Abstract: Like today's modern
era, information technology is needed to support the business processes of the
organization. In the use of information technology organization must have
policies and standard operating procedures are good that any work carried out
in the appropriate direction of the organization. Not only that, the
organization must also pay attention to information security of any assets
owned. This final project aims to make policies and standard operating
procedures (SOP) and assessing the information security risk in the assets of
the organization. In the process of this skripsi refers to the standard of ISO
27001 as the standard for information security management and use of
qualitative methodology, where qualitative methodology is a methodology that
produces descriptive data in the form of words written or spoken of people and
behaviors that can be observed. This final project resulted in the level of
risk that is contained in the value of assets and generate recommendations to
improve the security controls in the information security of assets based on
the clauses of ISO 27001. In accordance with the initial objective of this
final project also produce information security policy document and document
information security standard operating procedures.